I am now using OAuth for authentication to my app. I've protected
some URLs in my web.xml with:
<auth-constraint>
<role-name>*</role-name>
</auth-constraint>
However, a signed OAuth request to one of these URLs still replies
with a 302 redirect to the Google signin page for my app. Is this
expected behaviour? I'd expect that a signed OAuth request to these
protected URLs would be considered "signed in" and would therefore not
respond with a 302, but instead process the request.
I know the request is signed properly because I am able to get the
User via the OAuthService.getCurrentUser() call and log their email
address, etc.
Can I not use auth-constraints in my web.xml when using OAuth only?
Help appreciated,
Derek
--
You received this message because you are subscribed to the Google Groups
"Google App Engine for Java" group.
To post to this group, send email to google-appengine-j...@googlegroups.com.
To unsubscribe from this group, send email to
google-appengine-java+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/google-appengine-java?hl=en.
